Significant Cyber Incidents
This timeline records significant cyber incidents since 2006. We focus on cyber attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars.
Download the Full Incidents List
Below is a summary of incidents from the last year. For the full list, click the download link above.
May 2022. A DDoS attack targeted the Port of London Authority, forcing its website to go offline. A group linked to Iran took responsibility for the hack.
May 2022. A phishing campaign targeted the Jordan Ministry of Foreign Affairs. Researchers attributed the attack to an Iranian cyber espionage actor.
May 2022. The Ethiopian Information Network Security Agency (INSA) stated hackers targeted the Grand Ethiopian Renaissance Dam (GERD). Ethiopia’s communications security agency thwarted the attacks before hackers could gain access to the networks.
May 2022. Hackers targeted Greenland’s healthcare system, causing networks to crash throughout the island. While an initial diagnosis determined the attack did not damage or expose citizens’ data, it made health services severely limited.
May 2022. A Chinese hacking group stole intellectual property assets from U.S. and European companies since 2019 and went largely undetected. Researchers believe the group is backed by the Chinese government.
May 2022. State-sponsored hackers took down RuTube, the Russian version of YouTube, according to the company.
May 2022. Russian hackers hit Italian websites with a DDoS attack, including the Senate, the Ministry of Defence and the National Health Institute. The group states its goal was to target NATO countries and Ukraine.
April 2022. The Romanian National Directorate of Cyber Security said that multiple public and private sector websites were hit with DDoS attacks. The victims included the ministry of defense, border police, national railway company, and the OTP Bank. A group claiming credit for the attack said on Telegram that it hacked the websites because Romania supported Ukraine since the Russian invasion of the country.
April 2022. Cybersecurity researchers identified a new campaign by Russian-linked hackers that started in January and targets diplomats and embassy officials from France, Poland, Portugal, and other countries. The hacks started with a phishing email to deliver a malware-laden file to the target.
April 2022. Iranian state television claimed that the government foiled cyber intrusions that targeted more than 100 public sector agencies. They provided no further information on the incident.
April 2022. Russian hackers targeted the Costa Rican Ministry of Finance in a cyberattack, crippling tax collection and export systems. The newly elected President of Costa Rica declared a national emergency as a result of the attack and the group asked for $20 million in ransom or it plans to leak the stolen data.
April 2022. Hackers targeted members of the European Commission with spyware developed by NSO Group. An Apple notification from November to thousands of iPhone users stating they were targeted by a state-sponsored actor alerted the Commission of this spyware use.
April 2022. A North Korea-linked hacking campaign using phishing emails sent from fake job recruiters targeted chemical companies in South Korea.
April 2022. A Citizen Lab study discovered actors used NSO Group spyware to target at least 65 Catalonian activists and political figures.
April 2022. The U.S. Treasury Department’s Office of Foreign Assets Control attributed the March 29 hack of Ronin Network to a North Korean hacking group and announced sanctions against the hackers. The group stole over $540 million in Ethereum and USDC.
April 2022. Hackers launched DDoS attacks against websites belonging to the Finnish Ministries of Defence and Foreign Affairs. The attack’s botnet used over 350 IP addresses from around the world and the denial of service was sustained for four hours.
April 2022. Hamas-linked cyber actors used a network of fake Facebook and Twitter profiles to surveil members of the Israeli security establishment. The actors also used WhatsApp to grow trust with their targets, then asked them to download an app with malware.
April 2022. Hackers targeted the Telegram accounts of Ukrainian government officials with a phishing attack in an attempt to gain access to the accounts.
April 2022. Cybersecurity researchers observed hackers penetrating the networks of at least 7 Indian State Load Dispatch Centres (SLDCs) which oversee operations for electrical grid control. The SLDCs manage SCADA systems and researchers suggested that PLA-linked hackers may be involved.
April 2022. A social media platform disrupted two Iranian-linked cyber espionage campaigns that targeted activists, academics, and private companies. The campaign targeted businesses in the energy, semiconductor, and telecom sectors in countries including the U.S., Israel, Russia, and Canada by using phishing and other social engineering techniques.
April 2022. A group targeted several Ukrainian media organizations in an attempt to gain long-term access to their networks and collect sensitive information, according to researchers. The group has connections to the Russian GRU.
April 2022. The United States removed Russian malware from computer networks around the world, a move made public by Attorney General Merrick B. Garland. While it is unclear what the malware’s intention was, authorities noted it could be used for anything from surveillance to destructive attacks. The malware created a botnet controlled by the Russian GRU.
April 2022. Hackers targeted a Ukrainian energy facility, but CERT-UA and private sector assistance largely thwarted attempts to shut down electrical substations in Ukraine. Researchers believe the attack came from the same group with ties to the Russian GRU that targeted Ukraine’s power grid in 2016, using an updated form of the same malware.
April 2022. Hackers targeted Ukraine’s National Post Office with a DDoS attack, days after releasing a new stamp honoring a Ukrainian border guard. The attack affected the agency’s ability to run their online store.
March 2022. Hackers used a DDoS attack to shut down the National Telecommunications Authority of the Marshall Islands. The attack disrupted internet services on the Islands for over a week.
March 2022. Pakistani government-linked hackers targeted Indian government employees in an espionage operation. The group also created fake government and military websites to deliver malware to their targets.
March 2022. An attack on a satellite broadband service run by the American company Viasat disrupted internet services across Europe, including Ukrainian military communications at the start of the Russian invasion. The attackers hacked satellite modems belonging to thousands of Europeans to disrupt the company’s service.
March 2022. Hackers penetrated the websites belonging to multiple Russian agencies including the Energy Ministry, the Federal State Statistics Service, the Federal Penitentiary Service, and the Federal Bailiff Service. The websites displayed several anti-government and anti-invasion images and messages before the agencies were able to expel the attackers.
March 2022. The U.S. Department of Justice charged four Russian government employees involved in hacking campaigns that took place between 2012 and 2018. The hacks targeted critical infrastructure companies and organizations largely in the energy sector. The hackers sought to install backdoors and deploy malware in the operational technology of their targets.
March 2022. Hackers defaced and disrupted several Russian government and state media websites, according to the Russian Ministry of Digital Development and Communications. The Emergency Situations Ministry website was hacked, and the attackers wrote messages encouraging Russian soldiers to defect. Tass, a state-run news agency, was also penetrated and hackers displayed a call for people to “take to the streets against the war.”
March 2022. The National Research Council, Canada’s biggest state-funded research agency, shared that hackers penetrated its networks. An announcement on the Council’s website explained that parts of its online presence were taken offline as a result of this incident.
March 2022. Hackers linked to the Chinese government penetrated the networks belonging to government agencies of at least 6 different U.S. states in an espionage operation. Hackers took advantage of the Log4j vulnerability to access the networks, in addition to several other vulnerable internet-facing web applications.
March 2022. Hackers used a DDoS attack to target a major Israeli telecommunication provider. As a result, multiple Israeli government websites were taken offline.
February 2022. Researchers identified campaigns by two North Korean government-backed groups targeting employees across numerous media, fintech, and software companies. The hackers used phishing emails advertising fake job opportunities and exploited a vulnerability in Google Chrome to compromise the companies’ websites and spread malware.
February 2022. The websites of the Ukrainian Cabinet of Ministers and Ministries of Foreign Affairs, Infrastructure, and Education were disrupted in the days before Russian troops invaded Ukraine. Wiper malware was also used to penetrate the networks of one Ukrainian financial institution and two government contractors.
February 2022. A Beijing-based cybersecurity company accused the U.S. National Security Agency of engineering a backdoor to monitor companies and governments in over 45 countries around the world. A Foreign Ministry spokesman said that operations like this may threaten the security of China’s critical infrastructure and compromise trade secrets.
February 2022. On February 15, a DDoS attack knocked websites belonging to the Ukrainian Defense Ministry and two of the country’s largest banks offline. The U.S. and the UK attributed the attack to the Russian GRU. The Ukrainian Cyber Police claimed that the attack was connected to another “information attack” where Ukrainian citizens received spam text messages claiming that ATMs were not working.
February 2022. A Pakistani group deployed a remote access trojan to conduct espionage against Indian military and diplomatic targets. The group generally uses social engineering and/or USB-based worms to penetrate a network.
February 2022. An Iranian-linked group conducted espionage and other malicious cyber operations against a range of private companies and local and federal governments.
February 2022. Kremlin-linked threat actors hacked into numerous defense contractors between January 2020 and February 2022. The hackers collected and exfiltrated emails and sensitive data relating to the companies’ products and information and interactions with foreign governments.
February 2022. Multiple oil terminals in some of Europe’s biggest ports across Belgium and Germany fell victim to a cyberattack, rendering them unable to process incoming barges. A ransomware strain associated with a Russian-speaking hacking group was used to disrupt the ability of energy companies to process payments.
February 2022. Since October 2021, a hacking group targeted Palestinian individuals and organizations with malware. Researchers suggest that the operation could be connected to a broader campaign by a hacking group commonly attributed to the cyber arm of Hamas that started in 2017.
February 2022. A U.N. report claimed that North Korean hackers stole more than $50 million between 2020 and mid-2021 from three cryptocurrency exchanges. The report also added that in 2021 that amount likely increased, as the DPRK launched 7 attacks on cryptocurrency platforms to help fund their nuclear program in the face of a significant sanctions regime.
February 2022. An investigation led by Mandiant discovered that hackers linked to the Chinese government compromised email accounts belonging to Wall Street Journal journalists. The hackers allegedly surveilled and exfiltrated data from the newspaper for over two years beginning in at least February 2020.
February 2022. The networks of the U.K. Foreign Office were penetrated by hackers. All details of the incident remain confidential.
January 2022. A Belarusian hacktivist group accessed the networks of state-owned Belarusian Railway. The group encrypted the majority of the Railway’s servers and destroyed data held on a backup server, possibly to complicate Russian troop movements throughout the country.
January 2022. A Chinese hacking group breached several German pharma and tech firms. According to the German government, the hack into the networks of service providers and companies was primarily an attempt to steal intellectual property.
January 2022. Hackers shut down internet traffic to and from North Korea twice in two weeks from what researchers say was likely a series of DDoS attacks. The second attack came just after North Korea’s 5th missile test of the month.
January 2022. Hackers breached the Canadian Foreign Ministry, hampering some of the Ministry’s internet-connected services. The hack came a day after the government issued a warning to bolster network security in anticipation of Russia-based cyberattacks on critical infrastructure.
January 2022. A series of DDoS attacks targeted a high-stakes Minecraft tournament and ended up impacting Andorra Telecom, the country's only internet service provider. The attack disrupted 4G and internet services for customers.
January 2022. The Informatic Directorate of the Greek Parliament identified an attempt to hack into 60 parliamentary email accounts. In response, authorities temporarily shut down the mailing system in the legislature.
January 2022. An Australian spokesman accused WeChat of taking down Prime Minister Scott Morrison’s account and redirecting users to a website that provides information for Chinese expatriates. The Government claims that they first encountered problems posting to the Prime Minister’s account in mid-2021.
January 2022. Hackers breached systems belonging to the International Committee of the Red Cross, gaining access to data on more than 500,000 people and disrupting their services around the world.
January 2022. A cyberattack targeted the Ukrainian government, hitting 90 websites and deploying malicious software masquerading as ransomware to damage dozens of computers in government agencies.
January 2022. Hackers attacked several Israeli media outlets, including Maariv and the Jerusalem Post, posting threatening messages on their websites. One message stated "we are close to you where you do not think about it" in English and Hebrew.
January 2022. A DPRK-affiliated group targeted multiple Russian diplomats with malware. The diplomats received an email disguised as a New Year greetings screensaver but which, after being opened, installed a remote access trojan.
December 2021. A cyberattack on the Belgium Ministry of Defence forced part of its computer network, including the ministry’s mail system, to shut down for several days. Hackers exploited the Log4j vulnerability to compromise the network.
December 2021. Hackers targeted multiple Southeast Asian governments over the past 9 months using custom malware linked to Chinese state-sponsored groups. Many of the nations targeted are currently engaged in disputes with China over territorial claims in the South China Sea.
December 2021. A breach of Prime Minister Modi’s Twitter allowed hackers to Tweet from the account that India officially adopted bitcoin as legal tender. The Tweet also included a scam link promising a bitcoin giveaway.
December 2021. A Bloomberg investigation publicly linked an intrusion into Australia’s telecommunications systems in 2012 to malicious code embedded in a software update from Huawei.
December 2021. Cybersecurity firms found government-linked hackers from China, Iran, and North Korea attempting to use the Log4j vulnerability to gain access to computer networks. Following the announcement of Log4j, researchers already found over 600,000 attempts to exploit the vulnerability.
December 2021. Chinese hackers breached four more U.S. defense and technology firms in December, in addition to one organization in November. The hackers obtained passwords to gain access to the organizations’ systems and looked to intercept sensitive communications.
December 2021. A Russian group took responsibility for a ransomware attack on Australian utility company CS Energy. This announcement came after Australian media outlets blamed Chinese government hackers for the attack.
November 2021. A Russian-speaking group targeted the personal information of around 3,500 individuals, including government officials, journalists, and human rights activists. The group obtained access to private email accounts and financial details, and operated malware on Android and Windows devices.
November 2021. Hackers gained access to the social security and driver’s license numbers of employees after compromising a U.S. defense contractor.
November 2021. Chinese officials claim a foreign intelligence agency hacked into several airlines in China and stole passenger information. The officials stated the hacks are connected due to the use of a custom trojan in all the attacks.
November 2021. After CISA publicly shared details on a vulnerability, Chinese hackers targeted nine companies and 370 servers between September and October using the same vulnerability.
November 2021. A vendor that handles data for the UK Labour Party was subject to a cyberattack, affecting the data of its members and affiliates.
November 2021. Hackers gained access to the FBI’s Law Enforcement Enterprise Portal—a system used to communicate to state and local officials—and sent a warning of a cyberattack in an email claiming to be from the Department of Homeland Security (DHS).
November 2021. The stock trading platform Robinhood disclosed a social engineering cyberattack that allowed a hacker to gain access to the personal information of around 7 million customers. The data included names, email addresses, and for some, date of birth and zip codes. Following the breach, the hacker requested payment, presumably not to disclose the stolen data.
October 2021. A Chinese-linked hacking group gained access to calling records and text messages from telecommunication carriers across the globe, according to a report from CrowdStrike. The report outlines the group began its cyberattacks in 2016 and infiltrated at least 13 telecommunications networks.
October 2021. A cyberattack targeted the government-issued electronic cards Iranians use to buy subsidized fuel and altered the text of electronic billboards to display anti-regime messages against the Supreme Leader Ayatollah Ali Khamenei.
October 2021. A group with ties to Iran attempted to hack over 250 Office 365 accounts. All the targeted accounts were either U.S. and Israeli defense technology companies, had a focus on Persian Gulf ports of entry, or maritime transportation companies with a presence in the Middle East.
October 2021. Brazilian hackers carried out a cyberattack on the National Malware Center website belonging to Indonesia’s State Cyber and Password Agency. The hackers edited the contents of the webpage and indicated that the cyberattack was retribution for an Indonesian hack on the Brazilian state website.
October 2021. Hackers leaked data and photos from the Israeli Defense Ministry after gaining access to 165 servers and 254 websites, overall compiling around 11 terabytes of data.
October 2021. An American company announced that the Russian Foreign Intelligence Service (SVR) launched a campaign targeting resellers and other technology service providers that customize, deploy and manage cloud services.
September 2021. Chinese state-linked hackers targeted Afghan telecom provider Roshan and stole gigabytes of data from their corporate mail server over the past year.
September 2021. The EU formally blamed Russia for its involvement in the ‘Ghostwriter’ cybercampaign, which targeted the elections and political systems of several member states. Since 2017, Russian operators hacked the social media accounts of government officials and news websites, with the goal of creating distrust in U.S. and NATO forces.
September 2021. Hackers obtained 15 TB of data from 8,000 organizations working with Israel-based company Voicenter and offered the data online for $1.5 million. Some experts have stipulated the hackers have ties to Iran, but no link has been confirmed.
September 2021. The Lithuanian Defense Ministry found hidden features in popular 5G smartphone models manufactured in China, according to its state-run cybersecurity body. The module embedded in the phones detects and censors 449 keywords or groups of keywords that are counter to the message of the Chinese government.
September 2021. Two hours after the vote opened for Hungary’s opposition primary elections, the polling systems in electoral districts nationwide fell victim to a cyberattack. The actor responsible is still unknown, but the cyberattack led to the government extending voting by two days.
September 2021. The U.S. Department of Justice sentenced Ghaleb Alaumary to more than 11 years in prison for aiding North Korean cybercriminals in money laundering. His assistance included ATM cash-out operations, cyber-enabled bank heists, and business email compromise (BEC) schemes. These attacks targeted banks, professional soccer clubs, and other unnamed companies in the U.S. and U.K.
September 2021. A cyberattack against the United Nations occurred in April 2021, targeting users within the UN network to further long-term intelligence gathering. The hacker was able to access their networks through stolen user credentials purchased on the dark web.
September 2021. The Norwegian Government stated a series of cyberattacks against private and state IT infrastructure came from bad actors sponsored by and operating from China. Their investigation of the hacks claims the actors attempted to capture classified information relating to Norway’s national defense and security intelligence.
September 2021. Researchers and cybersecurity experts revealed a mobile espionage campaign against the Kurdish ethnic group. Hackers targeted individuals on Facebook, persuading them to download apps that contain Android backdoors utilized for espionage.
September 2021. In April 2020, Chinese bots swarmed the networks of the Australian government days after Australia called for an independent international probe into the origins of the coronavirus. These bots looked for potential vulnerabilities on the network to exploit in future cyberattacks.
August 2021. A cyberattack on the government of Belarus compromised dozens of police and interior ministry databases. The hack claims to be a part of an attempt to overthrow President Alexander Lukashenko’s regime.
August 2021. A hacking group targeted a high-profile Iranian prison, uncovering documents, videos, and images that displayed the violent treatment of its prisoners. The group claims to be hacktivists demanding the release of political prisoners.
August 2021. A cyber-espionage group linked to one of Russia’s intelligence forces targeted the Slovak government from February to July 2021 through spear-phishing attempts.
August 2021. Russia targeted and blocked content on the “smart voting” app created by Kremlin critic Alexei Navalny and his allies intended to organize voting against the Kremlin in next month's parliamentary elections.
August 2021. Hacks initially attributed to Iran in 2019 and 2020 were found to be conducted by Chinese operatives. The cyberattack broke into computers across Israel’s government and tech companies.
August 2021. A cyberattack on the Covid-19 vaccine-scheduling website for the Italian region of Lazio forced the website to temporarily shut down. New vaccination appointments were unable to be scheduled for several days after the attack.
August 2021. Various Chinese cyber-espionage groups are responsible for the hacks of at least five major Southeast Asian telecommunication providers beginning in 2017. The attacks were carried out by three different hacking groups and are seemingly unlinked despite all groups having a connection to Chinese espionage efforts.
July 2021. Estonia stated a Tallinn-based hacker downloaded 286,438 ID photos from a government database, exposing a vulnerability in a platform managed by their Information System Authority (RIA).
July 2021. A cyberattack gained access to 1 terabyte of data from the Saudi Arabian Oil Company through a zero-day exploitation. Hackers are offering to delete the data in exchange for $50 million in cryptocurrency.
July 2021. A widespread APT operation was discovered against users in Southeast Asia, believed to be spearheaded by Chinese entities. Researchers found a total of 100 victims in Myanmar and 1,400 in the Philippines, including many government entities.
July 2021. The United States, the European Union, NATO and other world powers released joint statements condemning the Chinese government for a series of malicious cyber activities. They attributed responsibility to China for the Microsoft Exchange hack from early 2021 and the compromise of more than 100,000 servers worldwide.
July 2021. Transnet Port Terminals (TPT), South Africa’s state-run ports operator and freight rail monopoly, had its rail services disrupted after a hack by unknown actors. Transnet reportedly declared it an act of “force majeure.”
July 2021. Several countries used Pegasus, surveillance software created by NSO Group that targets iPhone and Android operating systems, on devices belonging to activists, politicians, and journalists.
July 2021. The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a statement exposing a spear-phishing campaign by Chinese state-sponsored hackers between 2011 and 2013. The campaign targeted oil and natural gas pipeline companies in the United States.
July 2021. Iran used Facebook accounts to pose as recruiters, journalists, and NGO affiliates, targeting U.S. military personnel. The hackers sent malware-infected files or tricked targets into submitting sensitive credentials to phishing sites.
July 2021. The Russian defense ministry claimed it was hit with a DDoS attack that caused its website to shut down, stating the attack came from outside the Russian Federation.
July 2021. Norway attributed a March 2021 cyberattack on parliament's e-mail system to China.
July 2021. Iran’s transport and urbanization ministry was the victim of a cyber attack that impacted display boards at stations throughout the country. The attack caused delays and cancellations of hundreds of trains across Iran.
July 2021. Russian hackers exploited a vulnerability in Kaseya’s virtual systems/server administrator (VSA) software allowing them to deploy a ransomware attack on the network. The hack affected around 1,500 small and midsized businesses, with attackers asking for $70 million in payment.
July 2021. The Ukrainian Ministry of Defense claimed its naval forces’ website was targeted by Russian hackers who published fake reports about the international Sea Breeze-2021 military drills.
June 2021. Russia claimed that Vladimir Putin’s annual phone-in session was targeted by DDoS attacks.
June 2021. A Chinese-speaking hacking group spearheaded an ongoing espionage effort against the Afghan government through phishing emails. Hackers posed as the Office of the President of Afghanistan and targeted the Afghan National Security Council.
June 2021. The Iranian government launched a widescale disinformation campaign, targeting WhatsApp groups, Telegram channels and messaging apps used by Israeli activists. The campaign aimed to advance political unrest and distrust in Israel.
June 2021. Chinese actors targeted organizations, including Verizon and the Metropolitan Water District of Southern California using a platform used by numerous government agencies and companies for secure remote access to their networks.
June 2021. Hackers linked to Russia’s Foreign Intelligence Service installed malicious software on a Microsoft system that allowed hackers to gain access to accounts and contact information. The majority of the customers targeted were U.S. based, working for IT companies or the government.
June 2021. The U.S. and British governments announced the Russian GRU attempted a series of brute force access attempts against hundreds of government and private sector targets worldwide from 2019 to 2021, targeting organizations using Microsoft Office 365 cloud services.
June 2021. United States Naval Institute (USNI) claimed the tracking data of two NATO ships, the U.K. Royal Navy’s HMS Defender and the Royal Netherlands Navy’s HNLMS Evertsen, was falsified off the coast of a Russian controlled naval base in the Black Sea. The faked data positioned the two warships at the entrance of a major Russian naval base.
June 2021. A cyberattack reportedly from Russia compromised the email inboxes of more than 30 prominent Polish officials, ministers and deputies of political parties, and some journalists.
June 2021. Sol Oriens, a small government contractor that works for the Department of Energy on nuclear weapons issues, was attacked by the Russia-linked hacking group REvil.
June 2021. A spreadsheet containing classified personal details of 1,182 United Kingdom Special Forces soldiers was leaked on WhatsApp.
June 2021. A ransomware attack targeted iConstituent, a newsletter service used by U.S. lawmakers to contact constituents.
June 2021. Hackers working on behalf of Russian intelligence services are believed to have hacked the Netherlands police’s internal network in 2017. The attack occurred during the country’s investigation of the Malaysia Airlines Flight 17 (MH17) that was shot down in 2014.